diff --git a/files/lilik_ca_v1.pub b/files/lilik_ca_v1.pub
new file mode 100644
index 0000000..4de8ba4
--- /dev/null
+++ b/files/lilik_ca_v1.pub
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIJAKFj/QEDXD7LMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV
+BAYTAklUMRAwDgYDVQQIDAdUdXNjYW55MREwDwYDVQQHDAhGbG9yZW5jZTEOMAwG
+A1UECgwFTElMaUsxGTAXBgNVBAMMEExJTGlLIFJvb3QgQ0EgWDEwHhcNMTgwMzMw
+MTc0MTEzWhcNMjMwMzI5MTc0MTEzWjBcMQswCQYDVQQGEwJJVDEQMA4GA1UECAwH
+VHVzY2FueTERMA8GA1UEBwwIRmxvcmVuY2UxDjAMBgNVBAoMBUxJTGlLMRgwFgYD
+VQQDDA9MSUxpSyBTU0wgQ0EgVjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQDcPVOj0z1tJSi743YlUq16NWV3pnDv5WUdRO+GDvSRo0ewIAkNwLSBCJYK
+z2kOtsfm5ajHWlti3SJJwf4UBVwuQFSZoQ7pbUl86MhE49TvLBujeCddRl7aC2N6
+VpnESeJV0c3Et5dCXhLxRhru6C4UJhmohWCaYDE/1iCRjc+Of+D8m2Sv+pZ044ng
+kt2UlLIuV+KldfuNjcdnOVcvIbAOHu3cq36k0qk0FwXE+nDAYJFoeYqlo3hnpgd1
+KqSPzzlofabUwwlnx8W5tibF2dkNqJwd/eukO2JMsh7A9wksU2eOq4+dd66xJJnt
+d3LTxUTI9Eqr2n/q5vAlTw92R0UJbUSLWyqpMRpVzLDedQJWmiZ2zqfucQsnG1+G
+2+ZJ95DLacwn7nX2Tnt5RlKhWPd92O05bCMzDqE/ajvvJk4yZ6VD62UzOlbaowrv
+7zbXFoWPJ+/8DG5xTCGaq92ymH8rU76nDcj7YNj9CwXSQOrPbYi+pXwU8enaCmCB
+QIQp39XKHQOkaxM0umsKqppFAFiD/I5MBwyxHQ6kuKN9ZuA1/8Kpq2pL4rz9p1Y6
+q1C+Mk1TlxvblGnqmHxqMFnN3JZ1AkoNBH2Yux7xwfKbAkAlz82JYakmTq7gYyUT
+J0DXpnm4ObVWHSLpHUv5ooUCuhFQ+yyJjxk8BdeDpA1bVmVJhQIDAQABo4GaMIGX
+MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHBzOi8vY2EubGlsaWsuaXQvcm9vdC5jcmwu
+cGVtMB0GA1UdDgQWBBSM3nDvB7vyHHEGq1XEpEMcbH2TqzAfBgNVHSMEGDAWgBSl
+6VXXpRdFxOheRLGGPbxAfpwInDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAsvJJIupTcmyVxV1VZj+LkooKLkfv
+uIDeXyBZCtQB5oxu2YzsD8piuI/cplWzylLSbNRSopPGGhTr5Zz25iGy9Rf2+t+R
+l8zBqEI2b2pdn+cxiPzUWTOxAgf98MUDkMv9elJkFGHbGWaH1uEPr8I4aaj2xa8y
+6Eg8rF34SQxOdJIBdl52w3wFU93AlXginsdJogx+/iyRDv7RA1iTnMdV59lgR1a1
+xvLynBJKtMFGQfQIChkgSUr9PXZdwBmiEua1w7pk4q3DRp/osYVAVUj0h1p9vO3H
+jDrRfuxPA5OD0mEA68tTZ3a+IYvOQfzU0SyE0br8CFnSeQwC58VEPtmpZA9TEQoy
+ZzRduR36WIlBfoTGYR7jjDnPHMEtP8DZCRmrUwTwIz/tL/Ujx+jXPZ5Fqrg8npVE
+hU1BwMGxajDXL48Daz3C9Tk7/GMitKyX7voZRVpqMV8fz0lqRcZ+jr0MPtlG60zm
+Drjc251yOhmuh1sLXbLLJC0la9eU5sCUAXNENffHW73X0oITdczLuWE+uFhUV4dX
+ldTkiKx1H+9YtPl3ICQXoomSpYWxe6WCD/cPX8pVUvQhP4TIQoR0+xe0s95gwred
+OTxdaXKfODpERQItgfzy+C9+3yN6l6Tq4mHb+5jdupYJAGxoiGHuj6G32toCAJ6J
+/R+z0j1OG0/7tT4=
+-----END CERTIFICATE-----
diff --git a/files/lilik_ca_x1.pub b/files/lilik_ca_x1.pub
new file mode 100644
index 0000000..6390556
--- /dev/null
+++ b/files/lilik_ca_x1.pub
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkzCCA3ugAwIBAgIJAIz9Xnt5L7gNMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV
+BAYTAklUMRAwDgYDVQQIDAdUdXNjYW55MREwDwYDVQQHDAhGbG9yZW5jZTEOMAwG
+A1UECgwFTElMaUsxGTAXBgNVBAMMEExJTGlLIFJvb3QgQ0EgWDEwHhcNMTcwNzAy
+MjI0MjAxWhcNMjcwNjMwMjI0MjAxWjBdMQswCQYDVQQGEwJJVDEQMA4GA1UECAwH
+VHVzY2FueTERMA8GA1UEBwwIRmxvcmVuY2UxDjAMBgNVBAoMBUxJTGlLMRkwFwYD
+VQQDDBBMSUxpSyBSb290IENBIFgxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAt28pnDocAfBcva/hfjDdROLN8fvXMzyWOFLTQABNtoEdmOSB2EPu9nIV
+Bw917khgzfWo3A/uV6mUvqanMaDm/Y4jwAY6qSn60hOrcaFRazzfcwgKFDaTXi/7
+4aJlGvHIPrcG25m5yVXgy2swBGPulWPRki4ZRwdpUZx9SW9Z4YFooZE4imneb0ab
+HVdakeV9Olj+hiWVQsKScqSh0Md9qogUye/3t0KSb3T9MHSfVe/zG7djGh7RiqAu
+BsnodI63wI4ssyTKSVOC4bAQ/PKP6pw+Pa1hKwfHZMFGSd3M/LNacIPeFdmA/YHW
+z4OrW/uTsR6vkApQ6YOd46e2rY5zanKx1pj8ABhUJYFfyRwqNUez2kA6KBUUsD/r
+RDhcVPNpWG8dsJ0/ny351V7Cvi3BZkzzphLTUGCN3F7zQbanVi+BVpIb5e1NVcoy
+Hc4sZ0mGd3SzUVqgCD4jAQIlfZdrPTJlxq6c31hlH5JIRY7dwmuwARCYoIgeGeEg
+AGLp45sjN9TC9EWj2Q1ANFtxWpEfJ8/LUEdHcrB/gF2u+BX4pmWuz1Y/MbJLRzgb
+90QAe3/00tYD9PBICeC52eB3pdjaRtwZFQaVzxs8Dgexkd03++9Y63HJkwdXAFLd
+RetdqOBU4B4Rr7HvriFn4Vmo4b+bk8Ln4veh2qKPQ1xuiSwwntsCAwEAAaNWMFQw
+HQYDVR0OBBYEFKXpVdelF0XE6F5EsYY9vEB+nAicMB8GA1UdIwQYMBaAFKXpVdel
+F0XE6F5EsYY9vEB+nAicMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQEL
+BQADggIBAKvyAP9Yc9jC3tKDOVTpiZCGSUPDfNl1FkE3RaD9O7Ou9ymwP5I+j6qB
+OvVtivZSX14z27SICcAgUYQ/4YkS0bHQCCCoqXTGA7E0pNR9XuJgQnHe/2kC7Vvs
+KuDZIKHUPoaLvtgBhzEMUMy231KDXaOf50IWjkzkAFr/8JJyKb0yfkqWsoNJWzvi
+hBx0xDd7JouMJJxCTQ0OvpeIeMs7NGB0VuziaybF4f0CCe9/84gegCeA2kLAL6xU
+o5jRc/V8wtgpU0Z48K6OecLkUBFDJDU6Qyi2mhLcp+JqFyOatixfDMRKGcd1DjyZ
+7lHxqNgjbR1/mJXnmReXaq29QLGeqc0GetG+Yl7QrCJqBpxGl+ICcuH9NwAbYaWI
+DO84q/GEqfAYga/0ypUA7NkTNVXngRCHSnSxetVhgePZfLIbCN5Xhb4AsyPAQ2NS
+8VkqwyGZdU7mKFCyConKH7rCR/XHEWkJAO55Y0BTIEaqPJyf67iAw8R13wl+eGyp
+BNZcmKt6bZifJo/SX9g0SzK6Al4IAnaMagsJvXVC4GjrWutyR8nOSh09sR8az1fc
+UdJqic9JrlftQPbDxnS6pGX0VduXqRe9xM6KZCHwalb7z59OT8n41b3R3/r1pjJ9
+xnfYOdBad0uZfKK3y5VCo8HQYEu+zPyW0jYTPK/ghLeKzmiIvPpB
+-----END CERTIFICATE-----
diff --git a/files/test_vpn_ca.crt b/files/test_vpn_ca.crt
deleted file mode 100644
index 339e6ca..0000000
--- a/files/test_vpn_ca.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFczCCA1ugAwIBAgIJAM9x76ZW4QGnMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
-BAYTAklUMRAwDgYDVQQIDAdUdXNjYW55MREwDwYDVQQHDAhGbG9yZW5jZTEOMAwG
-A1UECgwFTElMaUsxDDAKBgNVBAsMA3ZwbjAeFw0xNzAzMjYxNTU5MThaFw0xODAz
-MjYxNTU5MThaMFAxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdUdXNjYW55MREwDwYD
-VQQHDAhGbG9yZW5jZTEOMAwGA1UECgwFTElMaUsxDDAKBgNVBAsMA3ZwbjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANntnC79f90kiDOfR1C5toJt/Emg
-s56ajW7OtFtLPn/e/0ssKnO5eMNThs5+tYCsrZf+J/3QQUcZo77r2YFCbB9XZASv
-SNz/eFtUFQDvCtwxT6S3XmrymFd+pBgfCgC5/4qaNJGKz+HUBaVrrBWG2QnmEPJb
-ZWh45AGMla2QX7C3HmOZgMomQSQqK/kxGoOotIhBoy07pky3C8YhWthagDp5Y+wW
-Gt6RBowEPza316bQWYQcsPmVg3TOdZH4DZGnWGl2rOHcwfaYyaLPv2bdd58J2ToU
-IOhjAF8wLnU2syizeqO7zEzBInMudXxaubOOtBZUFEeKkyeq6fO7obM37nCaXDzU
-fClg/WyY3DEmGN7b/H2JUPXDpjnmX+sBZrWAUZCwnkoseaA3wqp1cigAdhNVC19q
-0Y/BhRiDNTyBC8tE0Tv5etSGog5rvFOCuoPM5psXuXUWToMOZsEZ5bMf34UF+p4C
-mx8k4eLm3NsYWndAkRQKpCVmptMBR9rW6DdChgEYM+5keI+6pIb7eTO3ndHtpY4Y
-W1IA059yA3eP1JqnqsxkvVqPBX7wr7fGUoibwZigA64w2gY4tjewocTJZrlZupqe
-hct4a/A/vRJqCQqTGSjJdbmwau0wv8N45bgQq3R2y5ERqu5/pc1n+yVrWV7KZeOb
-bXja/U2PzzYS9CdLAgMBAAGjUDBOMB0GA1UdDgQWBBR59Xeu/85H4hAhxF6bjnHs
-RBw8gzAfBgNVHSMEGDAWgBR59Xeu/85H4hAhxF6bjnHsRBw8gzAMBgNVHRMEBTAD
-AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA2z+RrzF5WRwAHAECP7cOLZr1Py7qZjMeh
-pAMxP4YUYKKPjvsEIdR9ZXDCVBt6BaiVRoUJfdhq+6idb7/sYgv3QL3wfXonMpFY
-eB9mpDcV2i7ei+VhJVUTAs+F4HBZgXvu3pdy2WRyNheMCl4NqWJj6MVLR+xRjaJ4
-G/0HxnI1/rJs3GA2baXwFFgDOa8wV8iC23yDz0mlFqjpkh3u5LAYR3Le9xL7MOdd
-G+v2whzX8DDjQskkUlvt6BqSH9OGWC3yYqSG/LDFu3HkdyCyUyBlsfh9LvAu3jvA
-GCcS7F86GaE/wroPpM34U99lI96ieTN2WC1LteLxa73TLV02JiZAVbqCRSzmf1Ti
-dDelWXTZ95dyMnytB2iECwSYrHeANfnkBh45rjvWeNPMaFOPuYbfJaag/88IJbTF
-NbDlHWbXY5TJzF9E0usNABdZ00TJWqJSGIJpnKO8iTK7wKrWS7CvRhR8GEDYRFRt
-FT1T2q/0cufBF1flTndz5g0mkoJxlV/pOCh7eKGLZYFjXSbs8pS8gWjkqmAlT5q6
-6e/Ov0gITxSYiNeLRKtBii0U7IRaVDcGS1DzF7Kve4VMKooXQyaQ0BbhpcTpxSKc
-ACnFg6fDKmdXpOM75BMAOf+j08UolT/FhAuQ+YmOeAezcMejmQX+qUb+hEh35B+0
-0F7Syw/qWg==
------END 
CERTIFICATE----- - diff --git a/roles/openvpn/tasks/main.yaml b/roles/openvpn/tasks/main.yaml index 05a515d..fbcfcfd 100644 --- a/roles/openvpn/tasks/main.yaml +++ b/roles/openvpn/tasks/main.yaml @@ -86,18 +86,16 @@ register: set_pub_key when: not openvpn_cert_key.stat.exists -- name: copy vpn ca public key - copy: - src: lilik_ca_x1.pem - dest: /etc/openvpn/lilik_ca_x1.pem - -- name: copy vpn ca public key - copy: - src: lilik_ca_v1.pem - dest: /etc/openvpn/lilik_ca_v1.pem - -- name: create fullchain - command: "cat /etc/openvpn/lilik_ca_x1.pem /etc/openvpn/lilik_ca_v1.pem > /etc/openvpn/ca.crt" +- set_fact: + certificates: + - files/lilik_ca_x1.pub + - files/lilik_ca_v1.pub + +- name: create vpn fullchain + template: + src: fullchain.j2 + dest: /etc/openvpn/fullchain.crt + notify: reload openvpn - name: write openvpn configuration template: diff --git a/roles/openvpn/templates/openvpn.j2 b/roles/openvpn/templates/openvpn.j2 index 4034c42..acb6571 100644 --- a/roles/openvpn/templates/openvpn.j2 +++ b/roles/openvpn/templates/openvpn.j2 @@ -6,7 +6,7 @@ config openvpn 'vpn' option dev 'tun' option server '10.8.0.0 255.255.255.0' option keepalive '10 120' - option ca '/etc/openvpn/ca.crt' + option ca '/etc/openvpn/fullchain.crt' option cert '/etc/openvpn/openvpn.cert' option key '/etc/openvpn/openvpn.key' option dh '/etc/openvpn/dh2048.pem' diff --git a/templates/fullchain.j2 b/templates/fullchain.j2 new file mode 100644 index 0000000..da43da8 --- /dev/null +++ b/templates/fullchain.j2 @@ -0,0 +1,4 @@ +{% for certificate in certificates %} +{% include certificate %} + +{% endfor %}
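Review bot: The new `create vpn fullchain` task in roles/openvpn/tasks/main.yaml writes the file OpenVPN will use as its trust anchors without `owner`, `group` or `mode`, so its permissions depend on whatever the remote side defaults to; pinning them keeps the bundle writable by root only. The `set_fact` just above it leaves a generically named `certificates` fact on the host for the rest of the play, where it can collide with any other role that uses the same name; passing the list through `vars:` on the template task scopes it to that task. The hunk also stops managing `/etc/openvpn/ca.crt` and the two `.pem` copies without removing them, so hosts provisioned by the earlier tasks keep those files on disk. The task list continues outside the hunk on both sides.

```yaml
# … unchanged: tasks up to the set_pub_key registration …
- name: create vpn fullchain
  template:
    src: fullchain.j2
    dest: /etc/openvpn/fullchain.crt
    owner: root
    group: root
    mode: "0644"
  vars:
    certificates:
      - files/lilik_ca_x1.pub
      - files/lilik_ca_v1.pub
  notify: reload openvpn

- name: remove superseded vpn ca files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/openvpn/ca.crt
    - /etc/openvpn/lilik_ca_x1.pem
    - /etc/openvpn/lilik_ca_v1.pem
# … unchanged: write openvpn configuration …
```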
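Review bot: Pointing `option ca` at `/etc/openvpn/fullchain.crt` in roles/openvpn/templates/openvpn.j2 puts the root (`lilik_ca_x1`) as well as the intermediate (`lilik_ca_v1`) into the set the server verifies peers against, so a client certificate issued anywhere under that root can pass chain validation, not only certificates meant for VPN use. The options visible in this hunk contain nothing that narrows that, such as the OpenVPN directives `remote-cert-tls client`, `verify-x509-name` or `crl-verify`. The config block starts and ends outside the hunk, so confirm one of these is set there, or add the UCI equivalent next to the `ca` option.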
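Review bot: `{% include certificate %}` in templates/fullchain.j2 parses each listed file as a Jinja template rather than copying it verbatim, so the content of the trust bundle depends on template evaluation and on whichever paths the `certificates` variable holds at render time. Reading the files as data avoids both the parsing and the reliance on the template search path resolving `files/…`: the loop body can be `{{ lookup('file', certificate) }}`. A short comment at the top of the template stating that the list order is root first, then intermediate, would also document what the task file currently implies only by ordering.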